Export limit exceeded: 317752 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (317832 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-2521 2026-06-12 N/A
This candidate was issued in error.
CVE-2017-20240 1 Arodland 1 Crypt::pbkdf2 2026-06-12 5.9 Medium
Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key.
CVE-2022-42479 2 Templatehouse, Wordpress 2 Soledad, Wordpress 2026-06-12 5.4 Medium
Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5.
CVE-2022-44630 2 Wordpress, Yith 2 Wordpress, Yith Woocommerce Product Slider Carousel 2026-06-12 4.6 Medium
Cross-Site request forgery (CSRF) vulnerability in YITH YITH WooCommerce Product Slider Carousel allows Cross Site Request Forgery. This issue affects YITH WooCommerce Product Slider Carousel: from n/a through 1.16.0.
CVE-2023-32959 2 Sparkle Wp, Wordpress 2 Metrostore, Wordpress 2026-06-12 4.3 Medium
Missing Authorization vulnerability in Sparkle WP MetroStore metrostore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MetroStore: from n/a through 1.3.2.
CVE-2023-45583 1 Fortinet 4 Fortios, Fortipam, Fortiproxy and 1 more 2026-06-12 6.5 Medium
A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0.0 through 6.0.16, FortiPAM 1.1.0, FortiPAM 1.0 all versions, FortiProxy 7.2.0 through 7.2.5, FortiProxy 7.0.0 through 7.0.11, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiSwitchManager 7.2.0 through 7.2.2, FortiSwitchManager 7.0.0 through 7.0.2 allows attacker to execute unauthorized code or commands via specially crafted cli commands and http requests.
CVE-2023-36640 1 Fortinet 4 Fortios, Fortipam, Fortiproxy and 1 more 2026-06-12 6.5 Medium
A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0.0 through 6.0.16, FortiPAM 1.1.0, FortiPAM 1.0 all versions, FortiProxy 7.2.0 through 7.2.5, FortiProxy 7.0.0 through 7.0.11, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions allows attacker to execute unauthorized code or commands via specially crafted commands
CVE-2023-34576 1 Store-opart 1 Op\'art Product Faq 2026-06-12 9.8 Critical
SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspedified vector.
CVE-2021-39904 1 Gitlab 1 Gitlab 2026-06-12 4.3 Medium
An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request
CVE-2021-39911 1 Gitlab 1 Gitlab 2026-06-12 1.7 Low
An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers
CVE-2021-39913 1 Gitlab 1 Gitlab 2026-06-12 4.4 Medium
Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges
CVE-2023-34575 1 Store-opart 1 Op\'art Save Cart 2026-06-12 9.8 Critical
SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail() methods.
CVE-2023-30148 1 Store-opart 1 Multi Html Block 2026-06-12 6.1 Medium
Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock* version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the body_text or body_text_rude field in /sourcefiles/BlockhtmlClass.php and /sourcefiles/blockhtml.php.
CVE-2023-36263 1 Store-opart 1 Op\'art Limit Quantity 2026-06-12 9.8 Critical
Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
CVE-2025-24268 1 Apple 1 Macos 2026-06-12 5.5 Medium
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data.
CVE-2025-24284 1 Apple 1 Macos 2026-06-12 8.8 High
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox.
CVE-2025-30431 1 Apple 1 Macos 2026-06-12 5.5 Medium
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to access private information.
CVE-2025-30459 1 Apple 1 Macos 2026-06-12 5.5 Medium
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data.
CVE-2025-31272 1 Apple 1 Macos 2026-06-12 7.8 High
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges.
CVE-2025-43339 1 Apple 1 Macos 2026-06-12 5.5 Medium
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to access sensitive user data.